What is a Website Privacy Policy?

A Website Privacy Policy is a legal document that details how a Council collects, stores, protects, and uses the personal information it gathers from its website users. Personal information can include things like names, email addresses, physical addresses, IP addresses, and any other data that can be used to identify an individual.

The policy should clearly explain what information is being collected, why it's being collected, how it will be used, and how it will be kept safe.

Unlike a Data Protection Policy, a Website Privacy Policy should be an external document and easily accessible on your website, often in the footer of the web page.

‍

Does my Council Need a Website Privacy Policy?

A Website Privacy Policy would be necessary for any Council-operated website that collects personal information. This could include, for example, a site where residents can sign up for council updates or newsletters, or register for local council services.

The main reason for having a Website Privacy Policy is to promote transparency. It allows individuals to understand how their data is being used, thus giving them greater control over their information. The policy also helps strike a balance between the Council's requirements and the rights of the individuals providing their data.

‍

Key Features of a Website Privacy Policy:

1. Contact Details: This includes your Council's contact information and the details of your Data Protection Officer (DPO), if you have one. However, note that not every Council needs a DPO. For instance, charity councils are exempt from this requirement under current legislation.
2. Types of Personal Data Collected: This section should specify the kind of personal data your Council collects. This can range from names, addresses, and email addresses to payment information and transaction history.
3. Data Sources: Your policy should outline where the data comes from. Do you collect it directly from individuals, third-party sources, or online interactions?
4. Purpose of Data Collection: This is about why you collect the data. Are you using it to deliver a service, improve a service, or for training purposes?
5. Lawful Basis for Processing: This involves the legal justification for collecting and processing the data. It could be compliance with a legal obligation, contract fulfillment, or the legitimate interest of the Council.
6. Data Sharing: This section specifies who you share personal data with. It could be other suppliers, public authorities, or professional advisors.
7. Data Retention: This should outline how long you keep the data.
8. User Rights: Inform users about their rights under UK GDPR, such as the right to be forgotten, the right to data portability, and the right to object to processing.

‍

Remember, your Website Privacy Policy should be concise, transparent, and tailored to your audience. Review and update it at least annually or whenever there are changes in your data collection and processing activities. By drafting an effective Website Privacy Policy, you are not only complying with the law but also demonstrating that your Council takes privacy seriously.

‍

Take a look at other key legal documents your Council should have here.